<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>无标题文档</title>
<style type="text/css">
<!--
#t {
	text-align: center;
}
-->
</style>
</head>

<body>
<p>
  <?php
include_once("conn.php");
$type=$_COOKIE['type'];
$id=$_COOKIE['id'];
$oldpass=$_REQUEST['oldpass'];
$newpass=$_REQUEST['newpass'];
$checkpass=$_REQUEST['checkpass'];
if ($oldpass==null){
?>
</p>
<table width="50%" border="1" >
  <tr id="t">
    <td><form id="form1" name="form1" method="post" action="changepass.php">
      <p>
        <label>旧&nbsp;&nbsp;密&nbsp;&nbsp;码
          <input type="text" name="oldpass" id="oldpass" />
        </label>
      </p>
      <p>
        <label>新&nbsp;&nbsp;密&nbsp;&nbsp;码
          <input type="text" name="newpass" id="newpass" />
        </label>
      </p>
      <p>
        <label>重复新密码
          <input type="text" name="checkpass" id="checkpass" />
        </label>
      </p>
      <p>
        <label>
          <input type="submit" name="submit" id="submit" value="提交" />
        </label>
      </p>
    </form></td>
  </tr>
</table>
<p>&nbsp;</p>
<?php
}
else{
	$sql=selectSQL($type,$id);
	$result=mysql_query($sql);
	$row = mysql_fetch_row($result);
	if ($row[2]==md5($oldpass) && $newpass==$checkpass){
		changePass($type,$id,$newpass);
		echo("更改成功");
	}
	mysql_close($conn);
}

function selectSQL($type,$id){
	switch ($type) {
		case 0:
			$sql = "SELECT * FROM student WHERE `id` = '$id'";
			break;
		case 1:
			$sql = "SELECT * FROM teacher WHERE `id` = '$id'";
			break;
		case 2:
			$sql = "SELECT * FROM admin WHERE `id` = '$id'";
			break;
	}
	return $sql;
}

function changePass($type,$id,$newpass){
	switch ($type) {
		case 0:
			$sql = "UPDATE student SET `pass` =  md5($newpass) WHERE  `id` =$id";
			break;
		case 1:
			$sql = "UPDATE teacher SET `pass` =  md5($newpass) WHERE  `id` =$id";
			break;
		case 2:
			$sql = "UPDATE admin SET `pass` =  md5($newpass) WHERE  `id` =$id";
			break;
	}
	$result=mysql_query($sql);
}
?>
</body>
</html>